Microsoft released a patch on the 11th November which patches a vulnerability in SChannel. SChannel is Microsoft a code library that is used to create encrypted connections. This vulnerability is rated critical but not yet seen in the wild. Once the vulnerability is reversed engineered from the patch attacks will commence. The reverse engineering has been made more difficult as there have been other significant changes to the schannel library which have been pushed out as part of the patch. For example new ciphers suites have been made available.

At present we are working on creating a Shield for our RedShield customers but in the meantime the advice is to apply the patches released on Tuesday 11th November. This vulnerability may affect clients (Internet Explorer, Safari on Windows etc ) as well as all Windows servers.